Administration Console Online Help

Local Tuxedo Access Points: Security

Use this page to define the security configuration of a local Tuxedo
access point that will be used with this WTC Service.

Domain gateways can authenticate incoming connections requested by
remote Tuxedo access points and outgoing connections requested by local
Tuxedo access points. You define when security should be enforced for
incoming connections from remote Tuxedo access points. Specify the level
of security used by a particular local Tuxedo access point by setting the
SECURITY attribute.

Data encryption can be used to prevent network-based eavesdroppers from
accessing the content of messages or application-generated messages
flowing from local Tuxedo access points to remote Tuxedo access points.
Configure this security mechanism by setting the MINENCRYPTBITS and
MAXENCRYPTBITS attributes.

The passphrase used to retrieve the server's private key from
the keystore. This passphrase is assigned to the private key when
it is generated.

When you get the value of this attribute, WebLogic Server does
the following:

Retrieves the value of the
PrivateKeyPassPhraseEncrypted attribute.

Decrypts the value and returns the unencrypted passphrase as a
String.

When you set the value of this attribute, WebLogic Server does
the following:

Encrypts the value.

Sets the value of the PrivateKeyPassPhraseEncrypted
attribute to the encrypted value.

Using this attribute (PrivateKeyPassPhrase) is a
potential security risk because the String object (which contains
the unencrypted passphrase) remains in the JVM's memory until
garbage collection removes it and the memory is reallocated.
Depending on how memory is allocated in the JVM, a significant
amount of time could pass before this unencrypted data is removed
from memory.

Instead of using this attribute, use
getPrivateKeyPassPhraseEncrypted.

Provides the configuration rule to be used for finding the Local Access
Point's identity key store and trust key store. In plain text, it
contains information on where the identity key store and trust key
store are configured. When KeyStoreLocation is configured with
WLS Store, WTC uses configuration information from the
WLS Key Stores configuration. Otherwise, it uses the key store
information configured in the Local Access Point.

The path and file name of the identity keystore. The path name can
be either absolute or relative to where the server was booted. The
identity key store file name is only used if KeystoreLocation is
Custom Stores.

The custom identity keystore's passphrase. If empty or null,
then the keystore will be opened without a passphrase.

This attribute is only used if KeyStores is "Custom Stores".

When you get the value of this attribute, WebLogic Server does
the following:

Retrieves the value of the
IdentityKeyStorePassPhraseEncrypted attribute.

Decrypts the value and returns the unencrypted password as a
String.

When you set the value of this attribute, WebLogic Server does
the following:

Encrypts the value.

Sets the value of the
CustomIdentityKeyStorePassPhraseEncrypted attribute to
the encrypted value.

Using this attribute
(CustomIdentityKeyStorePassPhrase) is a potential
security risk because the String object (which contains the
unencrypted password) remains in the JVM's memory until garbage
collection removes it and the memory is reallocated. Depending on
how memory is allocated in the JVM, a significant amount of time
could pass before this unencrypted data is removed from memory.

Instead of using this attribute, use
CustomIdentityKeyStorePassPhraseEncrypted.

The trust keystore's passphrase. If empty or null, then the
keystore will be opened without a passphrase.

This attribute is only used if KeyStores is "Custom Stores".

When you get the value of this attribute, WebLogic Server does
the following:

Retrieves the value of the
TrustKeyStorePassPhraseEncrypted attribute.

Decrypts the value and returns the unencrypted password as a
String.

When you set the value of this attribute, WebLogic Server does
the following:

Encrypts the value.

Sets the value of the
TrustKeyStorePassPhraseEncrypted attribute to the
encrypted value.

Using this attribute (TrustKeyStorePassPhrase) is a
potential security risk because the String object (which contains
the unencrypted password) remains in the JVM's memory until garbage
collection removes it and the memory is reallocated. Depending on
how memory is allocated in the JVM, a significant amount of time
could pass before this unencrypted data is removed from memory.

Instead of using this attribute, use
TrustKeyStorePassPhraseEncrypted.
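
The memory-exposure risk described above for PrivateKeyPassPhrase and the two keystore passphrase attributes, shown from the calling code's side: the passphrases are held only in arrays that are zeroed after use, never in a String. This is an added example, not WebLogic or Oracle code; the class name, alias, sample passphrases and the in-memory PKCS12 keystore (with an AES key standing in for the server's private key) are constructed assumptions, and decrypting an ...Encrypted attribute value is outside its scope.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.util.Arrays;
import javax.crypto.spec.SecretKeySpec;

public class PassphraseHygiene {
    // Decode passphrase bytes into a char[] without ever creating a String.
    static char[] toChars(byte[] utf8) {
        CharBuffer cb = StandardCharsets.UTF_8.decode(ByteBuffer.wrap(utf8));
        char[] out = new char[cb.remaining()];
        cb.get(out);
        if (cb.hasArray()) Arrays.fill(cb.array(), '\0'); // wipe the decoder's copy
        return out;
    }
    // Open the keystore and fetch the key; both passphrases are zeroed on every path.
    static Key loadKey(byte[] store, String alias, char[] storePass, char[] keyPass)
            throws Exception {
        try {
            KeyStore ks = KeyStore.getInstance("PKCS12");
            ks.load(new ByteArrayInputStream(store), storePass);
            return ks.getKey(alias, keyPass);
        } finally {
            Arrays.fill(storePass, '\0');
            Arrays.fill(keyPass, '\0');
        }
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample passphrases; real ones come from a prompt or secret store.
        byte[] storeBytes = {'s', 't', 'o', 'r', 'e', '-', 'd', 'e', 'm', 'o'};
        byte[] keyBytes = {'k', 'e', 'y', '-', 'd', 'e', 'm', 'o'};
        // Constructed keystore: an AES key stands in for the server's private key.
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);
        ks.setEntry("demo", new KeyStore.SecretKeyEntry(new SecretKeySpec(new byte[16], "AES")),
                new KeyStore.PasswordProtection(toChars(keyBytes)));
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        ks.store(bos, toChars(storeBytes));
        char[] storePass = toChars(storeBytes), keyPass = toChars(keyBytes);
        Arrays.fill(storeBytes, (byte) 0);
        Arrays.fill(keyBytes, (byte) 0);
        Key key = loadKey(bos.toByteArray(), "demo", storePass, keyPass);
        System.out.println(key.getAlgorithm() + " key loaded, zeroed: " + (storePass[0] == 0));
    }
}
```

Zeroing the arrays shortens the exposure window; it does not remove copies that the JDK's keystore code makes internally, such as the clone held by KeyStore.PasswordProtection.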